Trojan:Win32/Kpot.PA!MTB removal

The Trojan:Win32/Kpot.PA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Kpot.PA!MTB virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process attempted to delay the analysis task.
Drops a binary and executes it
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Attempts to interact with an Alternate Data Stream (ADS)
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

bibpap.com

How to determine Trojan:Win32/Kpot.PA!MTB?


File Info:
crc32: A480032E
md5: 65051f94d8a92581411db10081687114
name: 6144722.exe
sha1: adaebf8c3adc3bb5ef94272ecb3daab58c8cbfa8
sha256: 8b39d1e30cf906bdaf138ab33152f50bfa767cdac2f82a9d5408689240a36ce1
sha512: 9ded5d8dac45952119b877652bb3c592e039ef847cb645e240833cb4626b8cef99f31f79d844cf21d5585014c6b60ad0c56f1f24a9d6fe19cdfc6a44f27f33bc
ssdeep: 12288:8ku5Gmo2BiBTh8Mtd1P5N8QScL2VphXXh01xWnX3L83v5K/0BAVih/FCk:8XMMib8MtJN8sGb2O7K58hVq/FCk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan:Win32/Kpot.PA!MTB also known as:

MicroWorld-eScan	Trojan.Agent.EOBX
FireEye	Generic.mg.65051f94d8a92581
McAfee	Fareit-FRQ!65051F94D8A9
Cylance	Unsafe
K7AntiVirus	Trojan ( 005640bd1 )
BitDefender	Trojan.Agent.EOBX
K7GW	Trojan ( 005640bd1 )
Cybereason	malicious.c3adc3
Invincea	heuristic
F-Prot	W32/Trojan2.QBUB
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
GData	Trojan.Agent.EOBX
Kaspersky	HEUR:Trojan-PSW.Win32.Agensla.gen
Alibaba	Trojan:Win32/DelfInject.ali2000015
AegisLab	Trojan.Win32.Agensla.i!c
Tencent	Win32.Trojan-qqpass.Qqrob.Wlpd
Ad-Aware	Trojan.Agent.EOBX
Sophos	Mal/Fareit-V
F-Secure	Trojan.TR/Injector.vqlqg
DrWeb	Trojan.Siggen9.36003
Zillya	Trojan.Injector.Win32.697670
TrendMicro	TrojanSpy.Win32.LOKI.SMDF.hp
McAfee-GW-Edition	BehavesLike.Win32.Fareit.bh
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.Agent.EOBX (B)
Ikarus	Trojan.Inject
Cyren	W32/Trojan.RNNS-5963
Avira	TR/Injector.vqlqg
MAX	malware (ai score=81)
Endgame	malicious (high confidence)
Arcabit	Trojan.Agent.EOBX
ZoneAlarm	HEUR:Trojan-PSW.Win32.Agensla.gen
Microsoft	Trojan:Win32/Kpot.PA!MTB
AhnLab-V3	Suspicious/Win.Delphiless.X2059
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZelphiF.34106.UGW@a8uvHldi
ALYac	Trojan.Agent.EOBX
VBA32	Trojan.Wacatac
Malwarebytes	Trojan.MalPack.DLF
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.59782
ESET-NOD32	a variant of Win32/Injector.ELJN
TrendMicro-HouseCall	TrojanSpy.Win32.LOKI.SMDF.hp
Rising	Trojan.Lokibot!8.F1B5 (CLOUD)
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Injector.EESQ!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Generic/HEUR/QVM05.1.74D5.Malware.Gen

How to remove Trojan:Win32/Kpot.PA!MTB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Kpot.PA!MTB removal